diff --git a/app/controllers/projects/protected_branches_controller.rb b/app/controllers/projects/protected_branches_controller.rb
index a0df392e424..ac68992faa0 100644
--- a/app/controllers/projects/protected_branches_controller.rb
+++ b/app/controllers/projects/protected_branches_controller.rb
@@ -15,6 +15,23 @@ class Projects::ProtectedBranchesController < Projects::ApplicationController
     redirect_to project_protected_branches_path(@project)
   end
 
+  def update
+    protected_branch = @project.protected_branches.find(params[:id])
+
+    if protected_branch &&
+       protected_branch.update_attributes(
+        developers_can_push: params[:developers_can_push]
+       )
+      flash[:notice] = 'Branch was successfully updated.'
+    else
+      flash[:alert] = 'Could not update the branch.'
+    end
+
+    respond_to do |format|
+      format.html { redirect_to project_protected_branches_path }
+    end
+  end
+
   def destroy
     @project.protected_branches.find(params[:id]).destroy
 
diff --git a/app/views/projects/protected_branches/index.html.haml b/app/views/projects/protected_branches/index.html.haml
index 2d04c572c73..183f25bfc82 100644
--- a/app/views/projects/protected_branches/index.html.haml
+++ b/app/views/projects/protected_branches/index.html.haml
@@ -40,8 +40,15 @@
               %span.label.label-info default
             %span.label.label-success
               %i.fa.fa-lock
+            - if branch.developers_can_push
+              %span.label.label-warning
+                %i.fa.fa-group
           .pull-right
             - if can? current_user, :admin_project, @project
+              - if branch.developers_can_push
+                = link_to 'Disable developers push', [@project, branch, { developers_can_push: false }], data: { confirm: 'Branch will be no longer writable for developers. Are you sure?' }, method: :put, class: "btn btn-grouped btn-small"
+              - else
+                = link_to 'Allow developers to push', [@project, branch, { developers_can_push: true }], data: { confirm: 'Branch will be writable for developers. Are you sure?' }, method: :put, class: "btn btn-grouped btn-small"
               = link_to 'Unprotect', [@project, branch], data: { confirm: 'Branch will be writable for developers. Are you sure?' }, method: :delete, class: "btn btn-remove btn-small"
 
         - if commit = branch.commit
diff --git a/config/routes.rb b/config/routes.rb
index b6c5bb5b908..397329d311c 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -256,7 +256,7 @@ Gitlab::Application.routes.draw do
 
       resources :branches, only: [:index, :new, :create, :destroy], constraints: { id: Gitlab::Regex.git_reference_regex }
       resources :tags, only: [:index, :new, :create, :destroy], constraints: { id: Gitlab::Regex.git_reference_regex }
-      resources :protected_branches, only: [:index, :create, :destroy], constraints: { id: Gitlab::Regex.git_reference_regex }
+      resources :protected_branches, only: [:index, :create, :update, :destroy], constraints: { id: Gitlab::Regex.git_reference_regex }
 
       resources :refs, only: [] do
         collection do
diff --git a/lib/gitlab/git_access.rb b/lib/gitlab/git_access.rb
index d66dcad88bd..d47ef61fd11 100644
--- a/lib/gitlab/git_access.rb
+++ b/lib/gitlab/git_access.rb
@@ -80,7 +80,7 @@ module Gitlab
 
       action = if project.protected_branch?(branch_name(ref))
                  protected_branch_action(project, oldrev, newrev, branch_name(ref))
-               elsif protected_tag?(tag_name(ref))
+               elsif protected_tag?(project, tag_name(ref))
                  # Prevent any changes to existing git tag unless user has permissions
                  :admin_project
                else
@@ -114,7 +114,7 @@ module Gitlab
       end
     end
 
-    def protected_tag?(tag_name)
+    def protected_tag?(project, tag_name)
       project.repository.tag_names.include?(tag_name)
     end